CHANGES WITH 232 in spe
+ * The new RemoveIPC= option can be used to remove IPC objects owned by
+ the user or group of a service when that service exits.
+
+ * Support for dynamically creating users for the lifetime of a service
+ has been added. If DynamicUser=yes is specified, user and group IDs
+ will be allocated from the range 61184..65519 for the lifetime of the
+ service. They can be resolved using the new nss-systemd.so NSS
+ module. The module must be enabled in /etc/nsswitch.conf. Services
+ started in this way have PrivateTmp= and RemoveIPC= enabled, so that
+ any resources allocated by the service will be cleaned up when the
+ service exits.
+
+ The nss-systemd module also always resolves root and nobody, making
+ it possible to have no /etc/passwd or /etc/group files in minimal
+ container systems.
+
+ * Services may be started with their own user namespace using the new
+ PrivateUsers= option. Only root, nobody, and the uid/gid under which
+ the service is running are mapped. All other users are mapped to
+ nobody.
+
+ * Support for the cgroup namespace has been added to systemd-nspawn. If
+ supported by kernel, the container system started by systemd-nspawn
+ will have its own view of the cgroup hierarchy. This new behaviour
+ can be disabled using $SYSTEMD_NSPAWN_USE_CGNS environment variable.
+
+ * The new MemorySwapMax= option can be used to limit the maximum swap
+ usage under the unified cgroup hierarchy.
+
+ * Support for the CPU controller in the unified cgroup hierarchy has
+ been added, via the CPUWeight=, CPUStartupWeight=, CPUAccounting=
+ options. This controller requires out-of-tree patches for the kernel
+ and the support is provisional.
+
+ * .automount units may now be transient.
+
+ * systemd-mount is a new tool which wraps mount(8) to pull in
+ additional dependencies through transient .mount and .automount
+ units. For example, this automatically runs fsck on the block device
+ before mounting, and allows the automount logic to be used.
+
+ * LazyUnmount=yes option for mount units has been added to expose the
+ umount --lazy option. Similarly, ForceUnmount=yes exposes the --force
+ option.
+
+ * /efi will be used as the mount point of the EFI boot partition, if
+ the directory is present, and the mount point was not configured
+ through other means (e.g. fstab). If /efi directory does not exist,
+ /boot will be used as before. This makes it easier to automatically
+ mount the EFI partition on systems where /boot is used for something
+ else.
+
+ * disk/by-id symlinks are now created for NVMe drives.
+
+ * Two new user session targets have been added to support running
+ graphical sessions under the systemd --user instance:
+ graphical-session.target and graphical-session-pre.target. See
+ systemd.special(7) for a description of how those targets should be
+ used.
+
+ * The vconsole initialization code has been significantly reworked to
+ use KD_FONT_OP_GET/SET ioctls insteads of KD_FONT_OP_COPY and better
+ support unicode keymaps. Font and keymap configuration will now be
+ copied to all allocated virtual consoles.
+
+ * FreeBSD's bhyve virtiualization is now detected.
+
+ * Information recored in the journal for core dumps now includes the
+ contents of /proc/mountinfo and the command line of the process at
+ the top of the process hierarchy (which is usually the init process
+ of the container).
+
+ * systemd-journal-gatewayd learned the --directory option to serve
+ files from the specified location.
+
+ * journalctl --root=… can be used to peruse the journal in the
+ /var/log/ directories inside of a container tree. This is similar to
+ the existing --machine= option, but does not require the container to
+ be active.
+
+ * The hardware database has been extended to support
+ ID_INPUT_TRACKBALL, used in addition to ID_INPUT_MOUSE to identify
+ trackball devices.
+
+ MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL hwdb property has been added to
+ specify the click rate for mice which include a horizontal wheel with
+ a click rate that is different than the one for the vertical wheel.
+
+ * systemd-run gained a new --wait option that makes service execution
+ synchronous.
+
+ * A new journal output mode "short-full" has been added which uses
+ timestamps with abbreviated English day names and adds a timezone
+ suffix. Those timestamps include more information and can be parsed
+ by journalctl.
+
+ * /etc/resolv.conf will be bind-mounted into containers started by
+ systemd-nspawn, if possible, so any changes to resolv.conf contents
+ are automatically propagated to the container.
+
+ * The number of instances for socket-activated services originating
+ from a single IP can be limited with MaxConnectionsPerSource=,
+ extending the existing setting of MaxConnections.
+
+ * UDP Segmentation Offload, TCP Segmentation Offload, Generic
+ Segmentation Offload, Generic Receive Offload, Large Receive Offload
+ can be enabled and disabled using the new UDPSegmentationOffload=,
+ TCPSegmentationOffload=, GenericSegmentationOffload=,
+ GenericReceiveOffload=, LargeReceiveOffload= options in the
+ [Link] section of .link files.
+
+ Spanning Tree Protocol enablement, Priority, Aging Time, and the
+ Default Port VLAN ID can be configured for bridge devices using the
+ new STP=, Priority=, AgeingTimeSec=, and DefaultPVID= settings in the
+ [Bridge] section of .netdev files.
+
+ Address Resolution Protocol can be disabled on links managed by
+ systemd-networkd using the ARP=no setting in the [Link] section of
+ .network files.
+
+ * $SERVICE_RESULT, $EXIT_CODE, $EXIT_STATUS are set for ExecStop= and
+ ExecStopPost= commands.
+
* Journald's SplitMode=login setting has been deprecated. It has been
removed from documentation, and it's use is discouraged. In a future
release it will be completely removed, and made equivalent to current
default of SplitMode=uid.
+ * The --share-system systemd-nspawn option has been replaced with an
+ (undocumented) variable $SYSTEMD_NSPAWN_SHARE_SYSTEM, but the use of
+ this functionality is discouraged. In addition the variables
+ $SYSTEMD_NSPAWN_SHARE_NS_IPC, $SYSTEMD_NSPAWN_SHARE_NS_PID,
+ $SYSTEMD_NSPAWN_SHARE_NS_UTS may be used to control the unsharing of
+ individual namespaces.
+
CHANGES WITH 231:
* In service units the various ExecXYZ= settings have been extended
local changes made to systemd in a pristine, defined environment. See
HACKING for details.
+ * configure learned the --with-support-url= option to specify the
+ distribution's bugtracker.
+
Contributions from: Alban Crequy, Alessandro Puccetti, Alessio Igor
Bogani, Alexander Kuleshov, Alexander Kurtz, Alex Gaynor, Andika
Triwidada, Andreas Pokorny, Andreas Rammhold, Andrew Jeddeloh, Ansgar
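Review bot: several typos in the added NEWS entries should be fixed before tagging: "insteads" (KD_FONT_OP_GET/SET entry), "virtiualization" (bhyve entry), "recored" (core dump entry), and "MaxConnections" is missing the trailing "=" that every other setting name carries; the unchanged SplitMode= paragraph also says "it's use" for "its use". The cgroup namespace entry says the behaviour "can be disabled using $SYSTEMD_NSPAWN_USE_CGNS environment variable" without saying which value disables it; name the accepted values. Since $SYSTEMD_NSPAWN_SHARE_SYSTEM and the $SYSTEMD_NSPAWN_SHARE_NS_* variables switch off namespace isolation for a container, leaving them "(undocumented)" makes their effect hard to audit; a short, clearly deprecated mention in systemd-nspawn(1) would be better than no documentation.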
#!/usr/bin/python3
-# -*- Mode: python; coding: utf-8; indent-tabs-mode: nil -*- */
+# -*- Mode: python; coding: utf-8; indent-tabs-mode: nil -*- */
#
-# This file is part of systemd.
+# This file is part of systemd. It is distrubuted under the MIT license, see
+# below.
#
-# Copyright 2016 Zbigniew Jędrzejewski-Szmek
+# Copyright 2016 Zbigniew Jędrzejewski-Szmek
#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
+# The MIT License (MIT)
#
-# systemd is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
#
-# You should have received a copy of the GNU Lesser General Public License
-# along with systemd; If not, see <http://www.gnu.org/licenses/>.
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
import functools
import glob
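Review bot: "distrubuted" in the new header line should be "distributed", and the modeline still ends in a stray C-style " */" that means nothing in a Python comment. The "-# -*- Mode: python ..." / "+# -*- Mode: python ..." pair shows no visible difference, so it is presumably a whitespace-only change and could be dropped to keep the license switch reviewable. Replacing the LGPL 2.1+ header with MIT changes the file's license, so the commit message should record that the copyright holder named on the line consented to the relicensing.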
if (r < 0)
return r;
- fd = mkostemp_safe(t, O_WRONLY|O_CLOEXEC);
+ fd = mkostemp_safe(t);
if (fd < 0) {
free(t);
return -errno;
}
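Review bot: the error path after the changed call still reads "free(t); return -errno;", but mkostemp_safe() already returns a negative errno value (its definition in this patch does "return -errno;" itself) and free() may clobber errno, so this site should "return fd;" instead, exactly as the fallback site "if (fd < 0) return fd;" elsewhere in this patch does.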
/* This is much like mkostemp() but is subject to umask(). */
-int mkostemp_safe(char *pattern, int flags) {
+int mkostemp_safe(char *pattern) {
_cleanup_umask_ mode_t u = 0;
int fd;
u = umask(077);
- fd = mkostemp(pattern, flags);
+ fd = mkostemp(pattern, O_CLOEXEC);
if (fd < 0)
return -errno;
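Review bot: the comment "This is much like mkostemp() but is subject to umask()" should now also say that the descriptor is always opened O_CLOEXEC, since that is the guarantee this change adds and callers can no longer opt out. The change itself is sound: mkostemp(3) always opens with O_RDWR|O_CREAT|O_EXCL regardless of the flags passed, so the O_WRONLY/O_RDWR bits the callers used to pass were ignored anyway, and the only bit that mattered, O_CLOEXEC, is now hard-wired so a temporary file descriptor cannot be inherited by a child across exec even at call sites that previously forgot it.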
/* Fall back to unguessable name + unlinking */
p = strjoina(directory, "/systemd-tmp-XXXXXX");
- fd = mkostemp_safe(p, flags);
+ fd = mkostemp_safe(p);
if (fd < 0)
return fd;
int fflush_and_check(FILE *f);
int fopen_temporary(const char *path, FILE **_f, char **_temp_path);
-int mkostemp_safe(char *pattern, int flags);
+int mkostemp_safe(char *pattern);
int tempfn_xxxxxx(const char *p, const char *extra, char **ret);
int tempfn_random(const char *p, const char *extra, char **ret);
if (!temp)
return log_oom();
- fdt = mkostemp_safe(temp, O_WRONLY|O_CLOEXEC);
+ fdt = mkostemp_safe(temp);
if (fdt < 0)
return log_error_errno(fdt, "Failed to create temporary file: %m");
log_debug("Created temporary file %s", temp);
n /= arg_interval;
safe_close(fd);
- fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
+ fd = mkostemp_safe(k);
if (fd < 0) {
r = log_error_errno(fd, "Failed to open %s: %m", k);
goto finish;
assert_se(h = hashmap_new(&catalog_hash_ops));
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
assert_se(write(fd, contents, size) == size);
static char name[] = "/tmp/test-catalog.XXXXXX";
int r;
- r = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ r = mkostemp_safe(name);
assert_se(r >= 0);
database = name;
log_debug("/* test compression */");
- assert_se((dst = mkostemp_safe(pattern, O_RDWR|O_CLOEXEC)) >= 0);
+ assert_se((dst = mkostemp_safe(pattern)) >= 0);
assert_se(compress(src, dst, -1) == 0);
log_debug("/* test decompression */");
- assert_se((dst2 = mkostemp_safe(pattern2, O_RDWR|O_CLOEXEC)) >= 0);
+ assert_se((dst2 = mkostemp_safe(pattern2)) >= 0);
assert_se(stat(srcfile, &st) == 0);
assert_se(m = mmap_cache_new());
- x = mkostemp_safe(px, O_RDWR|O_CLOEXEC);
+ x = mkostemp_safe(px);
assert_se(x >= 0);
unlink(px);
- y = mkostemp_safe(py, O_RDWR|O_CLOEXEC);
+ y = mkostemp_safe(py);
assert_se(y >= 0);
unlink(py);
- z = mkostemp_safe(pz, O_RDWR|O_CLOEXEC);
+ z = mkostemp_safe(pz);
assert_se(z >= 0);
unlink(pz);
fi
done
+# KERNEL_INSTALL_NOOP may be used by programs like lorax and rpm-ostree which
+# want to install a kernel (indirectly via RPM), but control generation of the
+# initramfs. In general, OSTree takes over kernel management too.
+if test -n "${KERNEL_INSTALL_NOOP:-}"; then
+ exit 0
+fi
+
if [[ "${0##*/}" == 'installkernel' ]]; then
COMMAND='add'
else
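Review bot: the new KERNEL_INSTALL_NOOP early exit is documented only in this comment; add it to kernel-install(8) so operators can see that a single environment variable turns every command the script handles into a no-op, and consider emitting a short message before "exit 0" so a silently skipped kernel installation is diagnosable afterwards.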
(void) mkdir_p_label("/run/systemd/ask-password", 0755);
- fd = mkostemp_safe(temp, O_WRONLY|O_CLOEXEC);
+ fd = mkostemp_safe(temp);
if (fd < 0) {
r = fd;
goto finish;
uid_t uid;
int r;
- fd = mkostemp_safe(fn, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(fn);
assert_se(fd >= 0);
/* Use the mode that user journal files use */
int fd;
char name[] = "/tmp/test-asynchronous_close.XXXXXX";
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
asynchronous_close(fd);
/* without an adjtime file we default to UTC */
assert_se(clock_is_localtime("/nonexisting/adjtime") == 0);
- fd = mkostemp_safe(adjtime, O_WRONLY|O_CLOEXEC);
+ fd = mkostemp_safe(adjtime);
assert_se(fd >= 0);
log_info("adjtime test file: %s", adjtime);
f = fdopen(fd, "w");
log_info("%s", __func__);
- fd = mkostemp_safe(fn, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(fn);
assert_se(fd >= 0);
close(fd);
- fd = mkostemp_safe(fn_copy, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(fn_copy);
assert_se(fd >= 0);
close(fd);
log_info("%s", __func__);
- in_fd = mkostemp_safe(in_fn, O_RDWR);
+ in_fd = mkostemp_safe(in_fn);
assert_se(in_fd >= 0);
- out_fd = mkostemp_safe(out_fn, O_RDWR);
+ out_fd = mkostemp_safe(out_fn);
assert_se(out_fd >= 0);
assert_se(write_string_file(in_fn, text, WRITE_STRING_FILE_CREATE) == 0);
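Review bot: the old calls "in_fd = mkostemp_safe(in_fn, O_RDWR);" and "out_fd = mkostemp_safe(out_fn, O_RDWR);" did not pass O_CLOEXEC, so before this patch these descriptors were inheritable across exec; with O_CLOEXEC now hard-wired in mkostemp_safe() that is fixed as a side effect, which is worth stating in the commit message because it is a behaviour change and not only a signature cleanup (the same applies to the fd2/fd3 sites in the copy_bytes test hunk).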
fd = open(src, O_RDONLY | O_CLOEXEC | O_NOCTTY);
assert_se(fd >= 0);
- fd2 = mkostemp_safe(fn2, O_RDWR);
+ fd2 = mkostemp_safe(fn2);
assert_se(fd2 >= 0);
- fd3 = mkostemp_safe(fn3, O_WRONLY);
+ fd3 = mkostemp_safe(fn3);
assert_se(fd3 >= 0);
r = copy_bytes(fd, fd2, max_bytes, try_reflink);
char name1[] = "/tmp/test-close-many.XXXXXX";
char name2[] = "/tmp/test-close-many.XXXXXX";
- fds[0] = mkostemp_safe(name0, O_RDWR|O_CLOEXEC);
- fds[1] = mkostemp_safe(name1, O_RDWR|O_CLOEXEC);
- fds[2] = mkostemp_safe(name2, O_RDWR|O_CLOEXEC);
+ fds[0] = mkostemp_safe(name0);
+ fds[1] = mkostemp_safe(name1);
+ fds[2] = mkostemp_safe(name2);
close_many(fds, 2);
char name[] = "/tmp/test-test-close_nointr.XXXXXX";
int fd;
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
assert_se(close_nointr(fd) >= 0);
assert_se(close_nointr(fd) < 0);
_cleanup_fdset_free_ FDSet *fdset = NULL;
char name[] = "/tmp/test-fdset_new_fill.XXXXXX";
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
assert_se(fdset_new_fill(&fdset) >= 0);
assert_se(fdset_contains(fdset, fd));
_cleanup_fdset_free_ FDSet *fdset = NULL;
char name[] = "/tmp/test-fdset_put_dup.XXXXXX";
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
fdset = fdset_new();
int flags = -1;
char name[] = "/tmp/test-fdset_cloexec.XXXXXX";
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
fdset = fdset_new();
int flags = -1;
char name[] = "/tmp/test-fdset_close_others.XXXXXX";
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
fdset = fdset_new();
FDSet *fdset = NULL;
char name[] = "/tmp/test-fdset_remove.XXXXXX";
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
fdset = fdset_new();
int c = 0;
int a;
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
fdset = fdset_new();
_cleanup_fdset_free_ FDSet *fdset = NULL;
char name[] = "/tmp/test-fdset_isempty.XXXXXX";
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
fdset = fdset_new();
_cleanup_fdset_free_ FDSet *fdset = NULL;
char name[] = "/tmp/test-fdset_steal_first.XXXXXX";
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
fdset = fdset_new();
char **i;
unsigned k;
- fd = mkostemp_safe(p, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(p);
assert_se(fd >= 0);
close(fd);
- fd = mkostemp_safe(t, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(t);
assert_se(fd >= 0);
f = fdopen(fd, "w");
_cleanup_strv_free_ char **a = NULL, **b = NULL;
char **i;
- fd = mkostemp_safe(p, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(p);
assert_se(fd >= 0);
close(fd);
- fd = mkostemp_safe(t, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(t);
assert_se(fd >= 0);
f = fdopen(fd, "w");
FILE *f;
char *command;
- fd = mkostemp_safe(t, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(t);
assert_se(fd >= 0);
f = fdopen(fd, "w");
int fd;
char buf[64];
- fd = mkostemp_safe(fn, O_RDWR);
+ fd = mkostemp_safe(fn);
assert_se(fd >= 0);
f = fdopen(fd, "r");
char buf[64] = {};
_cleanup_close_ int fd;
- fd = mkostemp_safe(fn, O_RDWR);
+ fd = mkostemp_safe(fn);
assert_se(fd >= 0);
assert_se(write_string_file(fn, "boohoo", WRITE_STRING_FILE_CREATE) == 0);
_cleanup_close_ int fd;
char buf[64] = {0};
- fd = mkostemp_safe(fn, O_RDWR);
+ fd = mkostemp_safe(fn);
assert_se(fd >= 0);
assert_se(write_string_file("/a/file/which/does/not/exists/i/guess", "boohoo", 0) < 0);
_cleanup_strv_free_ char **l = NULL;
char **k, **v;
- fd = mkostemp_safe(fn, O_RDWR);
+ fd = mkostemp_safe(fn);
assert_se(fd >= 0);
r = write_string_file(fn,
int r;
FILE *f;
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
close(fd);
int r;
FILE *f;
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
close(fd);
IOVEC_SET_STRING(iov[1], ALPHANUMERICAL "\n");
IOVEC_SET_STRING(iov[2], "");
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
printf("tmpfile: %s", name);
r = writev(fd, iov, 3);
char name[] = "/tmp/test-close_nointr.XXXXXX";
int fd;
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
assert_se(close_nointr(fd) >= 0);
int fd = -1;
int r;
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
close(fd);
char *hostname;
int fd;
- fd = mkostemp_safe(path, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(path);
assert(fd > 0);
close(fd);
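Review bot: the unchanged "assert(fd > 0);" after the modified call is inconsistent with every other site in this patch: it rejects a valid descriptor 0 and, being plain assert() rather than assert_se(), is compiled out under NDEBUG so the result would go unchecked; change it to "assert_se(fd >= 0);" while touching this line.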
char name[] = "/tmp/test-files_same.XXXXXX";
char name_alias[] = "/tmp/test-files_same.alias";
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
assert_se(symlink(name, name_alias) >= 0);
char name_link[] = "/tmp/test-is_symlink.link";
_cleanup_close_ int fd = -1;
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
assert_se(symlink(name, name_link) >= 0);
char name[] = "/tmp/test-read_one_char.XXXXXX";
int fd;
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
file = fdopen(fd, "r+");
assert_se(file);
log_debug("link1: %s", ans);
assert_se(endswith(ans, " (deleted)"));
- fd2 = mkostemp_safe(pattern, O_RDWR|O_CLOEXEC);
+ fd2 = mkostemp_safe(pattern);
assert_se(fd >= 0);
assert_se(unlink(pattern) == 0);
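Review bot: the assertion following "fd2 = mkostemp_safe(pattern);" is "assert_se(fd >= 0);", which checks the wrong variable, so a failure of this call would go unnoticed and the following unlink(pattern) would run on an unexpanded template; it should read "assert_se(fd2 >= 0);".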
char name[] = "/tmp/test-load-env-file.XXXXXX";
_cleanup_close_ int fd;
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
assert_se(write(fd, env_file_1, sizeof(env_file_1)) == sizeof(env_file_1));
char name[] = "/tmp/test-load-env-file.XXXXXX";
_cleanup_close_ int fd;
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
assert_se(write(fd, env_file_2, sizeof(env_file_2)) == sizeof(env_file_2));
char name[] = "/tmp/test-load-env-file.XXXXXX";
_cleanup_close_ int fd;
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
assert_se(write(fd, env_file_3, sizeof(env_file_3)) == sizeof(env_file_3));
_cleanup_close_ int fd;
int r;
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
assert_se(write(fd, env_file_4, sizeof(env_file_4)) == sizeof(env_file_4));
char name[] = "/tmp/test-load-env-file.XXXXXX";
_cleanup_close_ int fd;
- fd = mkostemp_safe(name, O_RDWR|O_CLOEXEC);
+ fd = mkostemp_safe(name);
assert_se(fd >= 0);
assert_se(write(fd, env_file_5, sizeof(env_file_5)) == sizeof(env_file_5));